Solid working experience in software development. In-depth knowledge of software engineering processes including agile development methods. Familiar with mobile development frameworks; PhoneGap, Sencha, jQuery Mobile, Objective-C, and Java. Ability to learn quickly and take ownership of tasks, process, and products. Ability to work independently and as a team member in a work environment. Ability to work on multiple overlapping projects.

Senior Software Engineer

Start Date: 1997-02-01End Date: 1999-04-01

Designed and implemented customized software for robotic equipment and system integration using C/C++ and Visual Basic for customers in U.S.A. and Germany. Recommended new solution ideas, strategies, and concepts to customers which were subsequently integrated into BMW Automotive and Chrysler. Conducted customer factory floor training on Robot Automation and Graphical User Interface (GUI). Increased product quality at BMW Automotive by implementing a Robot cell, which used a Perceptron Vision system attached to a Robot manipulator. At the time this was an entirely new application for the Body In White manufacturing floor. Honored with employee award for design and implementation of customer projects.

Product Development Manager, Robotic Trainer

Start Date: 1989-03-01End Date: 1997-02-01

division of Nachi Fujikoshi - Japan) Mar 1989 - Feb 1997 Product Development Manager, Robotic Trainer Distinguished as the first U.S. engineer hired by Nachi Japan. Created product training materials and syllabus for U.S.A. automotive industry customers. Managed third party contractors in the translation of documents from Japanese to English. Responsible for creating and managing the first Nachi-U.S. team of four controls engineers. Established a Product Development department in the U.S.A. that collaborated with automotive industry customers to gather requirements and develop hardware and software systems. Integral to securing a long term contract between Nachi and Chrysler. Spent fourteen weeks working in Nachi-Japan on a smart card interface for a Chrysler project.

Senior Software Developer (full-time)

Start Date: 2009-09-01End Date: 2011-05-01

Implemented a web-based application that geo-located all of Southern California Electric's (SCE) deployed smart meter assets on a GIS map. The placemarks on the map, once selected, provide a set of detailed data attributes for each smart meter. This detail data is gathered from several sources within the SCE data center and FEMA using a specialized mashup pattern. A mashup server was utilized to normalize, merge, transform, mashup and republish the new mashed up datasets as web services. Implemented a mobile application that provided remote access to the SCE smart grid enterprise for field technicians. • Implemented a web-based application that provides a graphical interface that illustrates the various event statuses on the US Navy LCS vessels. The status information originates from a Remedy trouble ticket system, it contain the status of the various LCS mission modules that have been deployed (i.e. SUW, MIW, ASW, etc.). The application provides a geospatial map view and a dashboard view. The map view shows the location of each vessel and allows the user to select the ship placemark to get detail data about the vessel (hull type, hull number, command, group, etc.) • Implemented a set of portlets that connected to the Thompson-Reuters TRKD web services and extracted various autonomous data models via a set of REST service. The Presto mashup server was utilized to normalize, merge, transform, mashup and republish the new mashed up datasets as web services.

Senior Software Developer (full-time)

Start Date: 2006-01-01End Date: 2009-09-01

The constellations of Harris Corporation's GOES satellites collect weather and reconnaissance data that is redistributed to various federal government agencies. There are two (2) data feeds from each satellite for redundancy delivering 512MB of data every 180 seconds. Implemented a set of parallel grid services (to handle scaling based on dynamic runtime demand) that receive data from each stream, analyze the data create various types of data products and transmit them to the appropriate agency. • Converted application code and migrated a set of risk management models (actuarial-oriented algorithms) from being processed on a single Windows server to being processed concurrently in a high performance grid computing environment • Converted a legacy HL7 message gateway queuing system into a set of scalable and redundant reception, transformation and re-transmission services running on a high performance computing grid. • Implemented a multi-satellite constellation telemetry monitoring application (for the USAF JSpoC) that runs on a high performance computing grid. The application consists of a set of services hosted on the grid that perform data acquisition, data mashup and space vehicle telemetry monitoring functions. The telemetry data for each constellation or group of vehicles is segregated from other constellation data streams. Multiple streams are then mashed up to create a holistic telemetry view of all the space vehicles on a single dashboard. • Implemented a cyber-defense application (for the 608 at Barksdale AFB cyber) that merges several data sources and correlates the attack data against known attack signatures. The application also utilizes a geo-location service to identify the physical location of cyber attackers. • Implemented a joint readiness deployment application for the US Joint Force Command. The application accessed individual military service branch readiness systems (i.e. GSORTS, ARMS, etc.) utilizing various legacy interfaces. The application utilizes semantic modeling to manage cross dependencies and to provide a common deployment taxonomy to normalize the existing individual service branch taxonomies. Once an analysis of the deployment requirements and processes is performed, a new joint deployment plan / model is generated.

Principal Security Auditor

Start Date: 2007-09-01End Date: 2007-09-01

September 2007 - September 2007 U.S. Nuclear Regulatory Commission (NRC) through contract with Eagle Ray - an independent sub-contractor on project through own company - Yarekx IT Consulting LLC; Chantilly, VA - Principal Security Auditor • Edited technical aspects of the contract proposal for Certification and Accreditation (C&A) activities and IT security audit for U.S. Nuclear Regulatory Commission.

Deployed and configured Cassatt Collage at In-Q-Tel and subsequently at the Central Intelligence Agency. Included integration with the Weblogic application server and associated J2EE applications, Oracle 9i, 10g and Application Server, Windows 2003 Server and JBoss Application Server. Also supported international customer Nippon Steel in Tokyo and Yokohama Japan for several years.

Summary of Qualifications

Start Date: 2013-03-01End Date: 2013-07-01

Twenty years of technical experience, eight years Technical/Solution Architect experience, four years onsite pre-sales engineer. Objective: to help shape the complex adaptations of company's business strategy, products and IT infrastructure by applying senior level Enterprise, Data, and Application Architecture experience.

• Leadership skills include optimization and standardization of business, development, and system/software lifecycle best practices through TOGAF, DODAF, Catalyst and other framework methodology experience • Lead developer and Agile development team lead experience with excellent communication skills provide critical links from highly technical development and infrastructure teams through management and executive project stakeholders • Specialize in application of patterns and automation techniques for operational lifecycles and datacenter operations • Highly skilled with object oriented programming languages C++, Java and Python • Portfolio of development tools includes Eclipse IDE with various plugins, Ant build and deployment tasks, JUnit testing, Javadocs, Hibernate and x-Doclet, as well as shell scripting and load testing utilities • Hardware integration and configuration experience includes servers, blade systems, NAS and SAN storage, network switches, and power systems • Cloud computing experience includes VMWare ESX/ESXi, Computer Associates Applogic, and Sun VirtualBox installation, configuration and administration

Offering for clients the usage of the best commercial penetration testing tools available on the market (many expensive pentesting tools' licenses are already owned). It previously resulted in winning government contract bids.

Experience consists of 26 years of exposure in computers and networks, 19 years in information security / assurance, 15 years in information system (IS) security auditing, 13 years in project management, 13 years in penetration testing and vulnerability assessment, 13 years in application security, 13 years supporting government clients (DoD/ANGB, DSS, DISA, DHHS/FDA, PSC, DoL/ESA, DoS/CA, DHS/FEMA, TSA, DoED, FHFA, LOC, USAID), and 5 years in supporting commercial companies in telecommunication, financial services and banking industry, including banking applications Information Systems (IS) security audits. Education includes ~40 IT certifications, 100+ courses, a Master Degree in Geography (1990), and a second Master Degree in Information Security (2004).

AFFILIATIONS: ACFEI – member of the American College of Forensic Examiners International (www.acfei.com) CSI – member of the Computer Security Institute (www.gocsi.com) IEEE – member of the Institute of Electrical and Electronics Engineers (www.ieee.org) IIA – member of the Institute of Internal Auditors (www.theiia.org) ISACA – member of the Information Systems Audit and Control Association (www.isaca.org) ISSA – member of the Information Systems Security Association (www.issa.org) NAGC – member of the National Association of Government Contractors (web.governmentcontractors.org) NBISE OST – member of the National Board of Information Security Examiners’ Operational Security Testing Panel (https://www.nbise.org/home/about-us/governance/ostp) NoVaH – member of the Northern Virginia Hackers, DC InfoSec Group (http://novahackers.blogspot.com) OWASP – member of the Open Web Application Security Project (OWASP) Northern Virginia Chapter (https://www.owasp.org/index.php/Virginia) and Washington DC Chapter (https://www.owasp.org/index.php/Washington_DC)

Principal Information Security Engineer

Start Date: 2004-11-01End Date: 2006-09-01

• Performed as a principal information security engineer and an INFOSEC principal subject matter expert to the CA ISSO in a multidisciplinary team environment. • Served as Certification and Accreditation (C&A) certifier for Bureau of Consular Affairs. • Leveraged security consultation expertise and findings to design, and deliver new IT services of customized CA business systems so as to ensure that they exceed DoS security requirements in a cost-effective manner. • Served as lead engineer for NG's CA Risk Management (ST3) and System Security Integration Support (ST6) sub-tasks contract with primary responsibility for all aspects of project planning and management. • Supervised the security engineering team in daily security tasks such as vulnerability assessment and patch discovery, testing, implementation, and monitoring in the entire State Dept. Bureau of Consular Affairs. • Created additional technical positions in his security engineering team, billable to the federal contract. • Performed "hands-on" laboratory analyses, security assessments, penetration testing, document evaluation findings, and provided recommendations to government management, team members, and contractors. • Developed and coordinated related project lifecycle security engineering processes and documentation. • Completed vulnerability assessment analysis of CA's Major Applications and General Support Systems. • Defined information security strategy, briefed CA management and system administrators about the vulnerability assessment reports, presented and prioritized options for risk mitigation. • Completed the vulnerability assessments, penetration testing, IT audit, and risk assessment framework on thousands computers, using a variety of automated tools (BTK, MBSA, Harris STAT, Nessus, and AppDetective) as well as manual review and testing of security configurations that include, but are not limited to Windows 2003/2000/NT Server, Windows XP/2000Pro/NT workstation, IIS 6/5/4, SQL Server 2005/2000/7, and Oracle 8i/9i R2/10g RDBMS. • Advised DoS and CA Patch Management groups to enhance methodology and procedures of implementing Microsoft and other vendors' security patches. • Provided technical services for network security monitoring support focusing on server and workstation security. • Reported weekly to the CA ISSO about vulnerability assessment and mitigation activities. • Reviewed information security controls to help provide effective, efficient and secure access to information within operating systems, databases, and applications. • Worked independently on new business development opportunities and on the scope of prospective engagements, wrote, developed and delivered proposals. • Lead technical efforts to research and evaluate new security-related technologies, security vendor offerings, and integrated any appropriate products aimed at reducing the risk to CA's network environment; it resulted in several new products being added to CA's software baseline that are currently in use. • Analyzed and decomposed government customer needs and requirements to identify appropriate solutions. • Lead analysis and planning for standing up new Harris STAT vulnerability assessment and monitoring security architecture and compliance with the Department's and Bureau's information security policies and procedures. • Analyzed existing network infrastructures and provide recommendations to government managers to ensure secure communication of sensitive data and to reduce threats to the DoS SBU network. • Evaluated DoS Diplomatic Security (DS) Windows and Database Security Configuration guides. • Interfaced with the various customers, government management, and projects stakeholders within Consular Affairs and DoS in order to successfully integrate recommended solutions into the existing infrastructure.

Penetration Tester/Auditor

Start Date: 2013-07-01End Date: 2015-03-01

July 2013 - March 2015 - Part-time, remote telework at United States Agency for International Development (USAID) through contract with Open System Sciences of Virginia (OSS) as an independent sub-contractor on project through own company - Yarekx IT Consulting LLC; Newington, VA - Penetration Tester/Auditor. • Conducted remote web application security vulnerability and penetration testing (automated and manual) against huge Internet commercial applications (10,000 web pages) based in the U.S., Europe, and Asia. • Analyzed scans results, manually verified each security vulnerability to avoid reporting false positive issues. • Wrote very detail reports of findings and suggested remediation step-by-step procedures. • Presented to executives/developers web applications security vulnerabilities as defined by OWASP Top 10.

Digital Ninja

Timestamp: 2015-12-07

I have been working on application development for the past 6 years, from positions including Program Manager, Product Owner, SCRUM Master, was the driving force for design and implementation of a commercial application developed completely using the Agile methodology. More recently, as a Senior Digital Developer, for a major media corporation, I have successfully designed, developed, and deployed applications across multiple languages and platforms (HTML, CSS, JS, Java, Objective-C, PHP, and NoSQL). This development includes applications on Web, iOS, Android, and Windows Mobile devices.Computer Skills §• Methodologies: Expert in Software Development Methods (Agile, Spiral, Waterfall) §• Software: Proficient in Mac OSX and Windows Software (Office, Photoshop, Illustrator, Keynote) §• Languages: Proficient in PHP, Javascript, HTML, CSS, SQL. Working knowledge in iOS, XML, JSON. §• Backend/DB: Working knowledge in Cloudbase, Amazon EC2, Parse, NoSQL (CouchDB, MongoDB).

Systems Architect and Administrator

Start Date: 2011-06-01End Date: 2012-01-01

Developed and installed the OZONE Widget Framework (OWF) and Marketplace (OMP) for the Army Intelligence Group at Fort Belvoir. Incorporated existing widgets and provided a mechanism to collaborate on and share the development between disparate organizations within INSCOM.